Anomaly detection has been widely applied in modern data-driven security applications to detect abnormal events/entities that deviate from the majority. However, less work has been done in terms of detecting suspicious event sequences/paths, which are better discriminators than single events/entities for distinguishing normal and abnormal behaviors in complex systems such as cyber-physical systems. A key and challenging step in this endeavor is how to discover those abnormal event sequences from millions of system event records in an efficient and accurate way. To address this issue, we propose NINA, a network diffusion based algorithm for identifying anomalous event sequences. Experimental results on both static and streaming data show that NINA is efficient (processes about 2 million records per minute) and accurate.

中文翻译：

---

异常事件序列检测

异常检测已广泛应用于现代数据驱动的安全应用程序中，以检测偏离大多数的异常事件/实体。然而，在检测可疑事件序列/路径方面所做的工作较少，在区分复杂系统（例如网络物理系统）中的正常和异常行为方面，它们是比单个事件/实体更好的鉴别器。这项工作的一个关键且具有挑战性的步骤是如何以有效和准确的方式从数百万个系统事件记录中发现那些异常事件序列。为了解决这个问题，我们提出了 NINA，一种基于网络扩散的算法，用于识别异常事件序列。静态和流数据的实验结果表明，NINA 是高效的（每分钟处理约 200 万条记录）且准确。